On Thursday 19 May 2011 08:19 PM, Hyrum K Wright wrote:
> On Thu, May 19, 2011 at 3:48 PM, Arwin Arni<arwin_at_collab.net> wrote:
>> In our implementation of SVN_ERR_ASSERT, we do:
>>
>> #define SVN_ERR_ASSERT(expr) \
>> do { \
>> if (!(expr)) \
>> SVN_ERR(svn_error__malfunction(TRUE, __FILE__, __LINE__, #expr)); \
>> } while (0)
>>
>> This ends up calling svn_error_abort_on_malfunction (inside
>> subversion/libsvn_subr/error.c) which calls abort() indiscriminately:
>>
>> svn_error_t *
>> svn_error_abort_on_malfunction(svn_boolean_t can_return,
>> const char *file, int line,
>> const char *expr)
>> {
>> svn_error_t *err = svn_error_raise_on_malfunction(TRUE, file, line, expr);
>>
>> svn_handle_error2(err, stderr, FALSE, "svn: ");
>> abort();
>> return err; /* Not reached. */
>> }
>>
>>
>> Wouldn't this abort() regardless of maintainer-mode?
>> Shouldn't there be some difference between maintainer-mode and production?
>
> What is the alternative? The idea is to catch potential invalid
> states in the code. *Not* aborting would put the system in an
> undefined condition and cause potential further damage.
>
>> Am I missing something here?
>
> In the command line client, we are free to abort() when we want, and
> that's what we do in this case. When Subversion is used as a library,
> abort()ing is Bad Behavior, as it may crash the process in which
> Subversion is embedded, and has no knowledge of. Because of this, we
> give clients the ability to override the function called by
> SVN_ERR_ASSERT(), so they can handle the error however they choose.
>
Fair enough. However, I noticed that there is no SVN_ERR_ASSERT inside
our mod_dav_svn or mod_authz_svn code.
(In an attempt to not abort() from inside an httpd process?)
But mod_dav_svn calls some other svn library which may abort(). Wouldn't
this end the server process? Is it okay for apache to die?
Regards,
Arwin Arni
Received on 2011-05-19 17:37:43 CEST